CVE-2024-0308

Name of the Vulnerable Software and Affected Versions Inis versions up to 2.0.1

Description A critical issue affects some unknown processing of the file app/api/controller/default/Proxy.php. The manipulation of the argument p url leads to server-side request forgery. The attack may be initiated remotely.

Recommendations For Inis versions up to 2.0.1, consider disabling the Proxy.php file or restricting access to it until a patch is available. As a temporary workaround, avoid using the p url argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.